In a recent discussion with a practice administrator, I discovered a pretty important misconception about what should really be included in a proper HIPAA Risk Analysis. Not that the administrator was doing anything wrong, but the understanding of what is a Risk...
Changes to the Privacy Rule under the Omnibus Ruling require ALL CEs to update and distribute their Notice of Privacy Practices (NPP). There is no option; it is stated specifically. A review of the changes makes it obvious why updates must be done, though. The original...
The definition of a Business Associate (BA) changed under HIPAA 2.0 to broaden the scope of who is considered a BA as well as exactly what a BA is obligated to do for compliance. While the changes seem obvious and not too complicated to implement according to those...
Where do you get started with all these changes? It is important to understand that HIPAA 2.0 compliance means more than just having an annual training session and a book of policies on the shelf. HIPAA 2.0 means regular training in all areas of your business and...
There is a lot of information to cover in the details of the Final Rule. This article only contains a list of bullet points. This list is not guaranteed to include every change in the 2013 Omnibus Rule. Each entity should make sure they review all aspects of...
This blog focuses on Small Providers and Business Associates because they need help getting the compliance requirements under control and documented properly. The data included in the Final Rule along with recent presentations by the Office for Civil Rights providing...
The medical information a patient shares with any healthcare provider should be private information. HIPAA is the formal way to assure patients a provider takes the commitment to protect their medical information seriously. Healthcare providers make three commitments...